Thank you for the comment, I'm glad you like the videos!

Thank you for the comment, I'm glad you liked the video!

You're right. I'll take a look at it soon. Thank you!

Thank you for the lovely comnent, I will try!

Thank you! I'm glad you liked it!

I will try my best!

Thank you, I'm glad you liked the video. 😊

Can you post here the warning message you're getting?

You're 100% correct, this rule wouldn't be necessary with standard default rules. But I personally am not a big fan of intra-zone allow as default, so I have in my lab an override with a deny for my intra-zone default rule. So I had to add this rule. But nice caught! :-)

Thank you for the comment. You don't need to configure anything in the server monitoring if you have a windows based User-ID agent. If you are trying to configure the PAN-OS User-ID agent, I would suggest you to think about the windows based agent, in my experience it's a lot less problematic to setup.

@@netsums Thank you very much for the advice. I will give that a try.

Answer is to export the CA cert from the originating firewall and then import it on each additional PA and setup the in a Cert Profile and attach that to the UserID Connection Security

You need to install the certificate on the User-ID server.

Hi. You probably need gouo mapping. Take a look at this video, there is a session there that I show how it can be configured: kzbin.info/www/bejne/hoapYpt3e5tjd7ssi=sKaytILFlLi2klYD Let me know later if the video could help you solve the problem. :-)

Sorry for the late reply. Hard to say, many reasons: - Port 5007 not being allowed - Certificate not bein able to validate (does it work without certificate validation?). Use Packet Capture to debug it - Pre-shared Key not matching... What error messages are you receiving?

@@netsums **excellent** video, worked perfectly. only extra thing related to this fellas question is we needed to add a windows firewall rule to allow the 5007 traffic before it would allow the communication

Thank you for the reply!